Re: Active\standby failover on ASA5510

servnj · ‎02-13-2009

I am setting up active\standby failover on 2 ASA 5510's. I am also setting up a backup ISP link. Now should I set the monitor-interface on the inside and backup interfaces

So that if the inside goes down it fails over to the secondary device and if the outside interface to the Main ISP link goes down it starts sending traffic out through the Backup interface and if that goes down it fails over to the secondary device.

Another question can I use the Management0/0 interface for the for Failover connection? If not I have ran out of ports, I am using ports for Outside, Inside, Backup and DMZ.

cdusio · ‎02-16-2009

Your failover scenario involves two aspects. Link failure and ISP failure.

Link failures on the priumary asa cause failover to the secondary ASA so you can pick and choose which interfaces need to be addressed here.

The second thing can be solved by object tracking on the primary ISP so that if that object tracking component fails, you will use the second ISP.

Yes you can use the MGMNT interface.

-C

servnj · ‎02-20-2009

Whe you setup an ASA for failover is it just checking that it's own interfaces are working and passing traffic or what it is connected to, like the port of the switch to the inside network and the ISP modem to the outside or both.

cdusio · ‎02-20-2009

It checks the health of it's peer and by doing so it s checking the path integrity between the two ASA's.